SEO

Hello,

With the setup I use with SPF (around 15-20,000 emails per day to me
or the aliases that come to me) and ...

postfix or sendmail, sometimes exim
amavis-new
spamassassin
python-pydns
python-pydspam
python-pyspf
python-pygossip
python-pysrs

About 85% of emails are rejected before the smtp data stage saving a lot
of more expensive resources.

Once through the above I get 4-5 emails that are not taged that are spam
and 2-3 false positives. My data basis are trained and I use razor.
The below is from a header that has been through spamassassin and marked
as spam.


1.4 MSGID_FROM_MTA_ID Message-Id for external message added locally
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
lines
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see
<http://www.spamcop.net/bl.shtml?220.92.37.23>]
3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[220.92.37.23 listed in sbl-xbl.spamhaus.org]
1.6 URIBL_SBL Contains an URL listed in the SBL blocklist
[URIs: conitaf.com.cn]
3.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL
blocklist

It is then run through sa-learn to report it and auto deleted. The IP
that the email came from reputation is then dinged for the spam. The same
applies for a valid email. Domains and IP addresses are blacklisted at
certain levels. This is all configurable. So I really recommend these
tools.


--
Boyd Gerber <gerberb@zenez.com>
ZENEZ 1042 East Fort Union #135, Midvale Utah 84047

On 6 Mar, 08:25, Boyd Lynn Gerber <gerb...@zenez.com> wrote:
> Hello,
>
> With the setup I use with SPF (around 15-20,000 emails per day to me
> or the aliases that come to me) and ...
>
> postfix or sendmail, sometimes exim
> amavis-new
> spamassassin
> python-pydns
> python-pydspam
> python-pyspf
> python-pygossip
> python-pysrs
>
> About 85% of emails are rejected before the smtp data stage saving a lot
> of more expensive resources.
>
> Once through the above I get 4-5 emails that are not taged that are spam
> and 2-3 false positives. *My data basis are trained and I use razor.
> The below is from a header that has been through spamassassin and marked
> as spam.
>
> 1.4 MSGID_FROM_MTA_ID * * *Message-Id for external message added locally
> *0.0 UNPARSEABLE_RELAY * * *Informational: message has unparseablerelay
> lines
> *3.5 BAYES_99 * * * * * * * BODY: Bayesian spam probability is 99 to 100%
> * * * * * * * * * * * * * * [score: 1.0000]
> *1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
> * * * * * * * * * * * * * * above 50%
> * * * * * * * * * * * * * * [cf: 100]
> *0.5 RAZOR2_CHECK * * * * * Listed in Razor2 (http://razor.sf.net/)
> *0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> * * * * * * * * * * * * * * [cf: 100]
> *1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
> * * * * * * * * [Blocked - see
> <http://www.spamcop.net/bl.shtml?220.92.37.23>]
> *3.9 RCVD_IN_XBL * * * * * *RBL: Received via a relay in Spamhaus XBL
> * * * * * * * * * * * * * * [220.92.37.23 listed in sbl-xbl.spamhaus.org]
> *1.6 URIBL_SBL * * * * * * *Contains an URL listed in the SBL blocklist
> * * * * * * * * * * * * * * [URIs: conitaf.com..cn]
> *3.0 URIBL_OB_SURBL * * * * Contains an URL listed in the OB SURBL
> blocklist
>
> It is then run through sa-learn to report it and auto deleted. *The IP
> that the email came from reputation is then dinged for the spam. *The same
> applies for a valid email. *Domains and IP addresses are blacklisted at
> certain levels. *This is all configurable. *So I really recommend these
> tools.

For more individualized and even more effective spam blocking, you
might look at CRM114 over at Sourceforge. Some spammers tune their
spam to get past Spamassassin, but they haven't had much luck yet with
crm114.